After upgrading to SGOS 6.7.x, joining the proxy to a domain for IWA Direct fails with the error message "nerr_dcnotfound".
During domain controller selection, the ProxySG / ASG appliance (using IWA-Direct) queries an SRV record in DNS and sends an "LDAP ping" packet to the DCs that it finds. The LDAP ping is a small LDAP-over-UDP packet. In this scenario, the domain controller is rejecting the UDP pings.
In the LSA debug log you can see something like:
"TRACE: netlogon - [LWNetSrvPingCLdapThread() lwnet.c:927] Failed CLDAP ping"
Force the proxy to use TCP for LDAP pings by running the command below in the CLI (use the SSH console):
#(config windows-domains)ldap-ping-protocol tcp
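
To confirm from a workstation that a domain controller ignores the UDP LDAP ping but answers the same request over TCP, the following added example (not Symantec code) builds the ping by hand and sends it both ways. The function names, port 389 and the NtVer value 0x00000006 are assumptions of this sketch.

```python
import socket
from contextlib import suppress

def tlv(tag, value):
    """BER tag-length-value with short or long form length."""
    n = len(value)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    length = raw if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def build_ldap_ping(dns_domain, msg_id=1):
    """LDAP searchRequest on the rootDSE asking for the Netlogon attribute."""
    nt_ver = (0x00000006).to_bytes(4, "little")  # assumed NtVer flags (V5 | V5EX)
    def eq(attr, val):  # equalityMatch filter item, context tag [3]
        return tlv(0xA3, tlv(0x04, attr) + tlv(0x04, val))
    flt = tlv(0xA0, eq(b"DnsDomain", dns_domain.encode()) + eq(b"NtVer", nt_ver))
    search = tlv(0x63,                       # [APPLICATION 3] SearchRequest
                 tlv(0x04, b"")              # baseObject: empty DN (rootDSE)
                 + tlv(0x0A, b"\x00") * 2    # scope=base, derefAliases=never
                 + tlv(0x02, b"\x00") * 2    # sizeLimit=0, timeLimit=0
                 + tlv(0x01, b"\x00")        # typesOnly=FALSE
                 + flt
                 + tlv(0x30, tlv(0x04, b"Netlogon")))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + search)  # msg_id must be 1..127

def reply_op_tag(data):
    """protocolOp tag of an LDAPMessage, or None if the data is malformed."""
    try:
        i = 2 if data[1] < 0x80 else 2 + (data[1] & 0x7F)  # skip outer length
        if data[0] != 0x30 or data[i] != 0x02:
            return None
        return data[i + 2 + data[i + 1]]                   # tag after messageID
    except IndexError:
        return None

def probe(dc_host, dns_domain, timeout=3.0):
    """Send the same ping over UDP and TCP; True means a SearchResultEntry (0x64) came back."""
    pkt, result = build_ldap_ping(dns_domain), {"udp": False, "tcp": False}
    with suppress(OSError), socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
        u.settimeout(timeout)                # a dropped UDP ping shows up as a timeout
        u.sendto(pkt, (dc_host, 389))
        result["udp"] = reply_op_tag(u.recvfrom(4096)[0]) == 0x64
    with suppress(OSError), socket.create_connection((dc_host, 389), timeout=timeout) as t:
        t.sendall(pkt)
        result["tcp"] = reply_op_tag(t.recv(4096)) == 0x64
    return result
```

Calling `probe("dc01.example.com", "example.com")` (placeholder names) and getting `{"udp": False, "tcp": True}` matches the scenario described here, where switching `ldap-ping-protocol` to `tcp` resolves the join failure.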